File _patchinfo of Package patchinfo.7842

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.7842

<patchinfo incident="7842">
  <issue tracker="bnc" id="1088310">python3-botocore-1.9.6 possibly breaking aws-cli</issue>
  <issue tracker="bnc" id="1098125">Tools: update python-botocore to latest version</issue>
  <issue tracker="bnc" id="1118021">Update aws-cli, botocore and dependencies to latest version</issue>
  <issue tracker="bnc" id="1118027">image uploading to EC2 needs to support new architecture argument</issue>
  <issue tracker="bnc" id="1088310">python3-botocore-1.9.6 possibly breaking aws-cli</issue>
  <issue tracker="bnc" id="1105988">VUL-1: CVE-2018-15869: aws-cli: The Amazon Web Services (AWS) CLI version 1.15.85 (and possibly earlierversions) does not require the --owners flag when describing images, which makesit easier for remote attackers to trigger the loading o</issue>
  <issue tracker="bnc" id="1092493">aws CLI tool fails to run: ModuleNotFoundError: No module named 'botocore.vendored'</issue>
  <issue tracker="cve" id="2018-15869"></issue>
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>glaubitz</packager>
  <description>This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues:

aws-cli:

- Update to version 1.16.61. (bsc#1088310)
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.16.1/CHANGELOG.rst
- Update to version 1.16.1 (bsc#1105988, bsc#1092493)
  + CVE-2018-15869: An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, might have unintentionally loaded an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
- Disable vendored versions of requests and six from botocore and use requests and six
  from the RPM packages.

python-botocore:

- Update to version 1.10.40
  + For detailed changes, please refer to the changelog.
  + Remove the broken attempt to avoid using the bundeled
    requests module provided by the source (bsc#1088310)

python-boto3:

- Version update to 1.9.57 (bsc#1118021, bsc#1118027)
  + For detailed changes, please refer to the changelog.

python-s3transfer:

- Update to version 0.1.13
- Make sure to really not use any bundles.
- enhancement:max_bandwidth: Add ability to set maximum bandwidth consumption for streaming of S3 uploads and downloads.
</description>
  <summary>Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.7842

Places